China Makes Hacking Arrests on Behalf of US

A report by the Washington Post this week revealed a promising development between China and US. Ellen Nakashima and Adam Goldman’s article made the case that the Chinese government is indeed willing to play ball alongside the US in combating commercial cyber theft.

For the past several years the US has repeatedly placed blame on the Chinese for several large hacking endeavors. Not the least of which is the Office of Personnel Management (OPM) hack in which attackers stole over 21 million federal workers information including more than 5 million fingerprints earlier this year.

Obama administration officials have also continually accused the Chinese of industrial cyber espionage- possibly state sponsored- aimed at gaining commercial trade secrets in order to further China’s own businesses and economy. This was the focus of the talks held between the two leaders.

Besides this, tensions between the eastern and western superpowers have been on the rise because of China’s apparent currency manipulation and conflict over the South China Sea. However, at the same time China and the US have been able to reach an agreement on other issues like agreements to reduce their contribution to climate change.

There is a universal consensus that cybersecurity, particularly industrial cyber espionage, is and will be a growing issue in the coming years. Top US military officials have expressed concerns over increasingly sophisticated attacks from hostile countries like Russia, Iran, North Korea, as well as China. In the immediate future, analysts and officials believe that these attacks will likely spread to not only stealing data but the manipulation of it as well.

One of the biggest hurdles when battling industrial cyber espionage, or any cybersecurity threat, is being able to point the finger. After a sophisticated cyber attack it is much harder to find the culprit than say, finding out who launched a missile. Regardless, many major players in the US government have long suspected that much of the cybersecurity threats come from state sponsored hackers- including China.

Which is why the US is attempting to be proactive regarding this issue now. The world was aware long before Xi Jinping’s visit that the bulk of talks between the two presidents would be squarely on cybersecurity. Highlighting this, ahead of his state dinner with President Obama, Xi met with several CEOs of top US tech companies including: Facebook, Apple, Microsoft, Amazon, Starbucks, Boeing, Google, and more than 20 others.

Talk of Industrial Cyber Espionage

The cybersecurity talks held between President Obama and President Xi led to a substantial, albeit somewhat murky, agreement between the two leaders to work together to fight industrial cyber espionage. The agreement was described by President Obama as laying the framework for future collaboration.

Both countries agreed to neither conduct or knowingly support cyber theft of intellectual property. Another agreement was that Beijing and Washington would open a ‘cyber hotline’ of sorts for senior officials to raise technical concerns. In tandem with this they also agreed to create positions for experts that will act as liaisons between the countries in order to keep an open line of communication regarding cybersecurity. The deal also committed the Chinese to “timely responses” when the US requests assistance with cyberespionage.

This agreement has been called a first step in the right direction but many officials, including Director of National Intelligence James Clapper, voiced skepticism over China’s sincerity: perhaps rightfully so. Beijing didn’t necessarily come to the table out of pure intentions.

Ahead of the Xi’s visit, Obama was clear that sanctions were on the table if China chose not to cooperate and make concrete strides to combat industrial cyber espionage threats. Obama said, “We are preparing a number of measures that will indicate to the Chinese that this is not just a matter of us being mildly upset but is something that will put significant strains on the bilateral relationship if not resolved.”

The Action

Washington Post’s story will likely put at least some of the fears to rest. They say that ahead of Xi Jinping’s visit, while a Chinese delegation was hammering out a deal with the White House, China arrested several people responsible for commercial and industrial cyber espionage.

Details of the arrests are far and few between, but here is what we do know.

The arrests came a week or two before President Xi’s visit and was not publicized either in the US or abroad. No names or number of arrests have been released. In fact, all of the Post’s sources chose to remain anonymous due to the sensitivity of the issue.

The sources state that China made these arrests as a display of good faith in the negotiations. They also say that those arrested were arrested because of explicit requests by the US. One source said, “We need to know that you’re [China] serious. So we gave them a list, and we said, ‘Look, here’s these guys. Round them up.'”

Because of the lack of available public information about the arrests it is unclear whether the individuals were with the Chinese military but in the article Washington Post states, “they were accused of carrying out state-sponsored economic espionage, individuals familiar with the matter said.”

In the next step for the Chinese to prove their loyalty to the cybersecurity cause, US officials are looking for them to follow through with prosecution in the following months. In addition to prosecuting the individuals, the US hopes that China will make the trials public. Public trials will both serve as a deterrent to future industrial cyber espionage as well as show the world that China and the US are indeed committed to the struggle together.

Furthermore, beyond these initial arrests, and hopefully trials, that show good faith by the Chinese government, the US is also looking for continued cooperation and involvement in this issue. Regardless of the initial naysayers, only time will tell if this new partnership against commercial cyber theft will be beneficial for both nations. Maybe, if large, developed nations like China and the US can learn to trust and work together on cybersecurity then the prisoner’s dilemma that the Snowden Treaty presents will be less of an issue.